We are connecting to Active Directory using this code, inside our ASP.NET MVC 5 app:
string ADusername = System.Web.Configuration.WebConfigurationManager.AppSettings["ADUserName"];
string ADpassword = System.Web.Configuration.WebConfigurationManager.AppSettings["ADPassword"];
using (var context = new DirectoryEntry("LDAP://mydomain.com:389/DC=mydomain,DC=com", ADusername, ADpassword))
Now, at the beginning I thought that the username/password we are specifying inside the DirectoryEntry
should be an Active Directory admin, to be able to get the users' info, but if I try to pass a non-admin user I am able to get all the users' info as well.
My question is: what is the minimum permission for a user to be able to connect to Active Directory using DirectoryEntry?
Thanks
Without getting excessively detailed, the minimum is simply a user account. By default all users in Active Directory are able to connect and query information from the directory.
If it suits your other requirements, get rid of the username and password as these are bound to get you into a weakened security situation. Instead look at using a (group) managed service account.
The managed service account is designed to provide services and tasks such as Windows services and IIS application pools to share their own domain accounts, while eliminating the need for an administrator to manually administer passwords for these accounts. It is a managed domain account that provides automatic password management.
If you truly need the minimum, you would need to look into the directory security policies, and the permissions on the individual objects you plan to work with.